public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
From: "liuhongt at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug target/110027] [11/12/13/14 regression] Misaligned vector store on detect_stack_use_after_return
Date: Tue, 12 Mar 2024 05:10:55 +0000 [thread overview]
Message-ID: <bug-110027-4-JSMJttRTRU@http.gcc.gnu.org/bugzilla/> (raw)
In-Reply-To: <bug-110027-4@http.gcc.gnu.org/bugzilla/>
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110027
--- Comment #13 from Hongtao Liu <liuhongt at gcc dot gnu.org> ---
So the stack is like
----------- stack top
-32
--------- (offset -32)
-64 (32 bytes redzone)
--------- (offset -64)
-128 (64 bytes __m512)
-------- (offset -128)
(32-bytes redzone)
-------(offset -160) <--- __asan_stack_malloc_128 try to allocate an buffer
/* Emit the prologue sequence. */
if (asan_frame_size > 32 && asan_frame_size <= 65536 && pbase
&& param_asan_use_after_return)
{
use_after_return_class = floor_log2 (asan_frame_size - 1) - 5;
/* __asan_stack_malloc_N guarantees alignment
N < 6 ? (64 << N) : 4096 bytes. */
if (alignb > (use_after_return_class < 6
? (64U << use_after_return_class) : 4096U))
use_after_return_class = -1;
else if (alignb > ASAN_RED_ZONE_SIZE && (asan_frame_size & (alignb - 1)))
base_align_bias = ((asan_frame_size + alignb - 1)
& ~(alignb - HOST_WIDE_INT_1)) - asan_frame_size;
}
/* Align base if target is STRICT_ALIGNMENT. */
if (STRICT_ALIGNMENT)
{
const HOST_WIDE_INT align
= (GET_MODE_ALIGNMENT (SImode) / BITS_PER_UNIT) << ASAN_SHADOW_SHIFT;
base = expand_binop (Pmode, and_optab, base, gen_int_mode (-align,
Pmode),
NULL_RTX, 1, OPTAB_DIRECT);
}
if (use_after_return_class == -1 && pbase)
emit_move_insn (pbase, base);
base = expand_binop (Pmode, add_optab, base,
gen_int_mode (base_offset - base_align_bias, Pmode),
NULL_RTX, 1, OPTAB_DIRECT); ---------- suspicious add
orig_base = NULL_RTX;
if (use_after_return_class != -1)
{
...
ret = emit_library_call_value (ret, NULL_RTX, LCT_NORMAL, ptr_mode,
GEN_INT (asan_frame_size
+ base_align_bias),
TYPE_MODE (pointer_sized_int_node));
/* __asan_stack_malloc_[n] returns a pointer to fake stack if succeeded
and NULL otherwise. Check RET value is NULL here and jump over the
BASE reassignment in this case. Otherwise, reassign BASE to RET. */
emit_cmp_and_jump_insns (ret, const0_rtx, EQ, NULL_RTX,
VOIDmode, 0, lab,
profile_probability:: very_unlikely ());
ret = convert_memory_address (Pmode, ret);
emit_move_insn (base, ret);
emit_label (lab);
emit_move_insn (pbase, expand_binop (Pmode, add_optab, base,
gen_int_mode (base_align_bias
- base_offset, Pmode),
NULL_RTX, 1, OPTAB_DIRECT));
base_align_bias is calculated to make (asan_frame_size(128) +
base_align_bias(0)) be multiple of alignb (64), but didn't make `base_offset
(160) - base_align_bias (0)` be multiple of 64, so when __asan_stack_malloc_128
return an address aligned to 64, and then plus (base_offset (160) -
base_align_bias (0)), it's misaligned.
next prev parent reply other threads:[~2024-03-12 5:10 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-29 20:18 [Bug sanitizer/110027] New: " sneves at dei dot uc.pt
2023-05-29 20:54 ` [Bug target/110027] " pinskia at gcc dot gnu.org
2023-05-30 8:06 ` rguenth at gcc dot gnu.org
2023-05-30 14:49 ` oconnor663 at gmail dot com
2023-10-22 18:06 ` gcc at sicherha dot de
2023-12-01 17:42 ` pinskia at gcc dot gnu.org
2023-12-01 17:46 ` pinskia at gcc dot gnu.org
2023-12-17 23:24 ` pinskia at gcc dot gnu.org
2024-03-08 4:13 ` pinskia at gcc dot gnu.org
2024-03-08 11:41 ` elrodc at gmail dot com
2024-03-08 18:10 ` gcc at sicherha dot de
2024-03-08 18:52 ` [Bug target/110027] [11/12/13/14 regression] " sjames at gcc dot gnu.org
2024-03-11 3:28 ` liuhongt at gcc dot gnu.org
2024-03-12 5:10 ` liuhongt at gcc dot gnu.org [this message]
2024-03-12 6:35 ` liuhongt at gcc dot gnu.org
2024-03-15 1:51 ` liuhongt at gcc dot gnu.org
2024-03-25 12:34 ` rguenth at gcc dot gnu.org
2024-04-08 15:43 ` xry111 at gcc dot gnu.org
2024-04-09 18:25 ` [Bug target/110027] [11/12/13/14 regression] Stack objects with extended alignments (vectors etc) misaligned " jakub at gcc dot gnu.org
2024-04-10 10:25 ` [Bug middle-end/110027] " jakub at gcc dot gnu.org
2024-04-11 6:53 ` liuhongt at gcc dot gnu.org
2024-04-11 8:16 ` jakub at gcc dot gnu.org
2024-04-11 9:14 ` cvs-commit at gcc dot gnu.org
2024-04-11 10:06 ` [Bug middle-end/110027] [11/12/13 " jakub at gcc dot gnu.org
2024-04-12 18:09 ` carlos.seo at linaro dot org
2024-04-21 4:09 ` cvs-commit at gcc dot gnu.org
2024-04-23 6:44 ` [Bug middle-end/110027] [11/12 " jakub at gcc dot gnu.org
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bug-110027-4-JSMJttRTRU@http.gcc.gnu.org/bugzilla/ \
--to=gcc-bugzilla@gcc.gnu.org \
--cc=gcc-bugs@gcc.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).